IT sourcing comes in many forms, ranging from do-it-yourself to relying on third parties. Third parties might be institutional consortia, university systems, or for-profit corporate providers. As colleges and universities consider the strategic advantages of leveraging the cloud for storage, processing, e-mail, identity management, and other services and infrastructures, there are a host of compliance, policy, and risk issues to evaluate, not the least of which are privacy and security considerations. This workshop will explore the challenges and opportunities associated with third-party data handling, highlighting resources such as emerging standards and best practices, campus policies, awareness campaigns, tools for assessing third-party risks, and contractual language. The workshop will be presented by a team of individuals with experience in IT, law, policy, privacy, and security.